Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech. Unauthenticated adversaries require physical access to the target’s device to exploit it in high complexity attacks. Attackers can create custom USB devices that Windows Hello will work with to completely circumvent Windows Hello’s facial recognition mechanism using a single valid IR frame of the target. Microsoft has released Windows 10 security updates to address the vulnerability as part of the July 2021 Patch Tuesday. Some Windows Hello users protected from attacks.
Source: https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-hello-authentication-bypass-vulnerability/